Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows malicious user to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Golang Go
Netapp Cloud Insights Telegraf Agent -
445
VMScore
CVE-2022-29526
Go prior to 1.17.10 and 1.18.x prior to 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Golang Go
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Beegfs Csi Driver -
570
VMScore
CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Go-restful Project Go-restful
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
668
VMScore
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
1 Github repository
668
VMScore
CVE-2022-30321
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
668
VMScore
CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
668
VMScore
CVE-2022-30323
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
384
VMScore
CVE-2022-29177
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 cont...
Ethereum Go Ethereum
446
VMScore
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Yaml Project Yaml 3.0.0
Netapp Astra Trident -
2 Github repositories
445
VMScore
CVE-2022-27536
Certificate.Verify in crypto/x509 in Go 1.18.x prior to 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Golang Go
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »